估计这玩艺太菜了,看的人都没有,所以随便写一些东西,送它一程.
int1, int3钩子
mov eax, ebx
int f6
01000000 FA cli
01000001 53 push ebx
01000002 BB 78563412 mov ebx, 12345678
01000007 90 nop
01000008 90 nop
01000009 90 nop
0100000A 90 nop
0100000B 90 nop
0100000C 90 nop
0100000D 90 nop
0100000E 90 nop
0100000F 90 nop
01000010 90 nop
01000011 90 nop
01000012 80FC 00 cmp ah, 0
01000015 74 12 je short 01000029
01000017 80FC 01 cmp ah, 1
0100001A 74 35 je short 01000051
0100001C 80FC 02 cmp ah, 2
0100001F 74 6F je short 01000090
01000021 80FC 03 cmp ah, 3
01000024 74 70 je short 01000096
01000026 5B pop ebx
01000027 FB sti
01000028 CF iretd
01000029 3C 00 cmp al, 0
0100002B 74 02 je short 0100002F
0100002D EB 10 jmp short 0100003F
0100002F C743 04 0100000>mov dword ptr [ebx+4], 1
01000036 C703 B4000000 mov dword ptr [ebx], 0B4
0100003C 5B pop ebx
0100003D FB sti
0100003E CF iretd
0100003F FEC8 dec al
01000041 D0E0 shl al, 1
01000043 D0E0 shl al, 1
01000045 25 FF000000 and eax, 0FF
0100004A 894C03 08 mov dword ptr [ebx+eax+8], ecx
0100004E 5B pop ebx
0100004F FB sti
01000050 CF iretd
01000051 3C 00 cmp al, 0
01000053 74 02 je short 01000057
01000055 EB 27 jmp short 0100007E
01000057 C743 04 0000000>mov dword ptr [ebx+4], 0
0100005E C703 00000000 mov dword ptr [ebx], 0
01000064 BE 00000000 mov esi, 0
01000069 B9 63000000 mov ecx, 63
0100006E C74433 08 00000>mov dword ptr [ebx+esi+8], 0
01000076 83C6 04 add esi, 4
01000079 ^ E2 F3 loopd short 0100006E
0100007B 5B pop ebx
0100007C FB sti
0100007D CF iretd
0100007E FEC8 dec al
01000080 D0E0 shl al, 1
01000082 D0E0 shl al, 1
01000084 25 FF000000 and eax, 0FF
01000089 8B4403 08 mov eax, dword ptr [ebx+eax+8]
0100008D 5B pop ebx
0100008E FB sti
0100008F CF iretd
01000090 8B43 04 mov eax, dword ptr [ebx+4]
01000093 5B pop ebx
01000094 FB sti
01000095 CF iretd
01000096 8B03 mov eax, dword ptr [ebx]
01000098 83F8 00 cmp eax, 0
0100009B 74 08 je short 010000A5
0100009D 48 dec eax
0100009E 8903 mov dword ptr [ebx], eax
010000A0 83F8 00 cmp eax, 0
010000A3 ^ 74 B2 je short 01000057
010000A5 5B pop ebx
010000A6 FB sti
010000A7 CF iretd
主程序内5处SDK,全部还原一下.
01008D08 . 10000000 dd 00000010
01008D0C . 3C000000 dd 0000003C
01008D10 . BDFD807C dd kernel32.GlobalAlloc
01008D14 . BFFC807C dd kernel32.GlobalFree
01008D18 /. 55 push ebp
01008D19 |. 8BEC mov ebp, esp
01008D1B |. 50 push eax
01008D1C |. 53 push ebx
01008D1D |. 51 push ecx
01008D1E |. 52 push edx
01008D1F |. 56 push esi
01008D20 |. 57 push edi
01008D21 |. 36:8B75 08 mov esi, dword ptr [ebp+8]
01008D25 |. 36:8B5D 0C mov ebx, dword ptr [ebp+C]
01008D29 |. B8 58020000 mov eax, 258
01008D2E |. 50 push eax
01008D2F |. 6A 40 push 40
01008D31 |. 8BD6 mov edx, esi
01008D33 |. 83C2 08 add edx, 8
01008D36 |. FF12 call dword ptr [edx]
01008D38 |. 8903 mov dword ptr [ebx], eax
01008D3A |. 5F pop edi
01008D3B |. 5E pop esi
01008D3C |. 5A pop edx
01008D3D |. 59 pop ecx
01008D3E |. 5B pop ebx
01008D3F |. 58 pop eax
01008D40 |. C9 leave
01008D41 \. C2 0800 retn 8
01008D44 /. 55 push ebp
01008D45 |. 8BEC mov ebp, esp
01008D47 |. 50 push eax
01008D48 |. 53 push ebx
01008D49 |. 51 push ecx
01008D4A |. 52 push edx
01008D4B |. 56 push esi
01008D4C |. 57 push edi
01008D4D |. 36:8B75 08 mov esi, dword ptr [ebp+8]
01008D51 |. 36:8B5D 0C mov ebx, dword ptr [ebp+C]
01008D55 |. 83FB 00 cmp ebx, 0
01008D58 |. 74 08 je short 01008D62
01008D5A |. 53 push ebx
01008D5B |. 8BD6 mov edx, esi
01008D5D |. 83C2 0C add edx, 0C
01008D60 |. FF12 call dword ptr [edx]
01008D62 |> 5F pop edi
01008D63 |. 5E pop esi
01008D64 |. 5A pop edx
01008D65 |. 59 pop ecx
01008D66 |. 5B pop ebx
01008D67 |. 58 pop eax
01008D68 |. C9 leave
01008D69 \. C2 0800 retn 8
010092F0 . 52000000 dd 00000052
010092F4 . BB020000 dd 000002BB
010092F8 . BDFD807C dd kernel32.GlobalAlloc
010092FC . BFFC807C dd kernel32.GlobalFree
01009300 . FACA817C dd kernel32.ExitProcess
01009304 . 281A807C dd kernel32.CreateFileA
01009308 . D79B807C dd kernel32.CloseHandle
0100930C . 2916807C dd kernel32.DeviceIoControl
01009310 . 54000000 dd 00000054
01009314 . B3260000 dd 000026B3
01009318 . 01000000 dd 00000001
0100931C . E4202200 dd 002220E4
01009320 . 24222200 dd 00222224
01009324 . 00000000 dd 00000000
01009328 . 00004000 dd 00400000
0100932C . 00000000 dd 00000000
01009330 . 5C 5C 2E 5C 47 6A 67 6C>ascii "\\.\GjgllyDevice"
01009340 . 30 00 ascii "0",0
01009342 /. 55 push ebp
01009343 |. 8BEC mov ebp, esp
01009345 |. 50 push eax
01009346 |. 53 push ebx
01009347 |. 51 push ecx
01009348 |. 52 push edx
01009349 |. 56 push esi
0100934A |. 57 push edi
0100934B |. 36:8B55 14 mov edx, dword ptr [ebp+14]
0100934F |. 8B12 mov edx, dword ptr [edx]
01009351 |. 8B52 10 mov edx, dword ptr [edx+10]
01009354 |. 8B42 34 mov eax, dword ptr [edx+34]
01009357 |. 8B5A 38 mov ebx, dword ptr [edx+38]
0100935A |. 3BC3 cmp eax, ebx
0100935C |. 74 0F je short 0100936D
0100935E |. 36:8B7D 10 mov edi, dword ptr [ebp+10]
01009362 |. 57 push edi
01009363 |. 36:8B5D 0C mov ebx, dword ptr [ebp+C]
01009367 |. 53 push ebx
01009368 |. 52 push edx
01009369 |. 0312 add edx, dword ptr [edx]
0100936B |. FFD2 call edx
0100936D |> 36:8B55 08 mov edx, dword ptr [ebp+8]
01009371 |. 36:8B45 0C mov eax, dword ptr [ebp+C]
01009375 |. 8902 mov dword ptr [edx], eax
01009377 |. 83C2 3C add edx, 3C
0100937A |. 36:8B45 10 mov eax, dword ptr [ebp+10]
0100937E |. 8902 mov dword ptr [edx], eax
01009380 |. 50 push eax
01009381 |. 53 push ebx
01009382 |. 51 push ecx
01009383 |. 52 push edx
01009384 |. 56 push esi
01009385 |. 57 push edi
01009386 |. 36:8B75 10 mov esi, dword ptr [ebp+10]
0100938A |. B9 23000000 mov ecx, 23
0100938F |. 2BF1 sub esi, ecx
01009391 |. 8B5E 03 mov ebx, dword ptr [esi+3]
01009394 |. 36:8B55 08 mov edx, dword ptr [ebp+8]
01009398 |. 81C2 D0050000 add edx, 5D0
0100939E |. 891A mov dword ptr [edx], ebx
010093A0 |. 36:8B55 08 mov edx, dword ptr [ebp+8]
010093A4 |. 83C2 24 add edx, 24
010093A7 |. 8B1A mov ebx, dword ptr [edx]
010093A9 |. 895E 03 mov dword ptr [esi+3], ebx
010093AC |. 8B5E 09 mov ebx, dword ptr [esi+9]
010093AF |. 36:8B55 08 mov edx, dword ptr [ebp+8]
010093B3 |. 81C2 CC050000 add edx, 5CC
010093B9 |. 891A mov dword ptr [edx], ebx
010093BB |. 36:8B55 08 mov edx, dword ptr [ebp+8]
010093BF |. 83C2 24 add edx, 24
010093C2 |. 8B1A mov ebx, dword ptr [edx]
010093C4 |. 895E 09 mov dword ptr [esi+9], ebx
010093C7 |. 36:8B75 10 mov esi, dword ptr [ebp+10]
010093CB |. 36:0375 0C add esi, dword ptr [ebp+C]
010093CF |. 8B5E 03 mov ebx, dword ptr [esi+3]
010093D2 |. 36:8B55 08 mov edx, dword ptr [ebp+8]
010093D6 |. 81C2 C8050000 add edx, 5C8
010093DC |. 891A mov dword ptr [edx], ebx
010093DE |. 36:8B55 08 mov edx, dword ptr [ebp+8]
010093E2 |. 83C2 24 add edx, 24
010093E5 |. 8B1A mov ebx, dword ptr [edx]
010093E7 |. 895E 03 mov dword ptr [esi+3], ebx
010093EA |. BF 00000000 mov edi, 0
010093EF |. 36:8B75 10 mov esi, dword ptr [ebp+10]
010093F3 |. B9 23000000 mov ecx, 23
010093F8 |. 2BF1 sub esi, ecx
010093FA |. D1E9 shr ecx, 1
010093FC |. D1E9 shr ecx, 1
010093FE |. 36:8B55 08 mov edx, dword ptr [ebp+8]
01009402 |. 83C2 24 add edx, 24
01009405 |. 8B1A mov ebx, dword ptr [edx]
01009407 |> AD /lods dword ptr [esi]
01009408 |. 86C4 |xchg ah, al
0100940A |. 33C3 |xor eax, ebx
0100940C |. 03F8 |add edi, eax
0100940E |. 36:8B55 08 |mov edx, dword ptr [ebp+8]
01009412 |. 83C2 28 |add edx, 28
01009415 |. 8B02 |mov eax, dword ptr [edx]
01009417 |. 83F8 00 |cmp eax, 0
0100941A |. 74 02 |je short 0100941E
0100941C |. D1C7 |rol edi, 1
0100941E |>^ E2 E7 \loopd short 01009407
01009420 |. 36:8B75 10 mov esi, dword ptr [ebp+10]
01009424 |. 36:0375 0C add esi, dword ptr [ebp+C]
01009428 |. B9 16000000 mov ecx, 16
0100942D |. D1E9 shr ecx, 1
0100942F |. D1E9 shr ecx, 1
01009431 |> AD /lods dword ptr [esi]
01009432 |. 86C4 |xchg ah, al
01009434 |. 33C3 |xor eax, ebx
01009436 |. 03F8 |add edi, eax
01009438 |. 36:8B55 08 |mov edx, dword ptr [ebp+8]
0100943C |. 83C2 28 |add edx, 28
0100943F |. 8B02 |mov eax, dword ptr [edx]
01009441 |. 83F8 00 |cmp eax, 0
01009444 |. 74 02 |je short 01009448
01009446 |. D1CF |ror edi, 1
01009448 |>^ E2 E7 \loopd short 01009431
0100944A |. 36:8B55 08 mov edx, dword ptr [ebp+8]
0100944E |. 81C2 D4050000 add edx, 5D4
01009454 |. 893A mov dword ptr [edx], edi
01009456 |. 36:8B75 10 mov esi, dword ptr [ebp+10]
0100945A |. B9 23000000 mov ecx, 23
0100945F |. 2BF1 sub esi, ecx
01009461 |. 36:8B55 08 mov edx, dword ptr [ebp+8]
01009465 |. 81C2 D0050000 add edx, 5D0
0100946B |. 8B1A mov ebx, dword ptr [edx]
0100946D |. 895E 03 mov dword ptr [esi+3], ebx
01009470 |. 36:8B55 08 mov edx, dword ptr [ebp+8]
01009474 |. 81C2 CC050000 add edx, 5CC
0100947A |. 8B1A mov ebx, dword ptr [edx]
0100947C |. 895E 09 mov dword ptr [esi+9], ebx
0100947F |. 36:8B75 10 mov esi, dword ptr [ebp+10]
01009483 |. 36:0375 0C add esi, dword ptr [ebp+C]
01009487 |. 36:8B55 08 mov edx, dword ptr [ebp+8]
0100948B |. 81C2 C8050000 add edx, 5C8
01009491 |. 8B1A mov ebx, dword ptr [edx]
01009493 |. 895E 03 mov dword ptr [esi+3], ebx
01009496 |. 5F pop edi
01009497 |. 5E pop esi
01009498 |. 5A pop edx
01009499 |. 59 pop ecx
0100949A |. 5B pop ebx
0100949B |. 58 pop eax
0100949C |. 36:8B7D 08 mov edi, dword ptr [ebp+8]
010094A0 |. 83C7 40 add edi, 40
010094A3 |. 6A 00 push 0
010094A5 |. 6A 00 push 0
010094A7 |. 6A 03 push 3
010094A9 |. 6A 00 push 0
010094AB |. 6A 01 push 1
010094AD |. 68 000000C0 push C0000000
010094B2 |. 57 push edi
010094B3 |. 36:8B55 08 mov edx, dword ptr [ebp+8]
010094B7 |. 83C2 14 add edx, 14
010094BA |. FF12 call dword ptr [edx]
010094BC |. 36:8B55 08 mov edx, dword ptr [ebp+8]
010094C0 |. 83C2 20 add edx, 20
010094C3 |. 8902 mov dword ptr [edx], eax
010094C5 |. 57 push edi
010094C6 |. 56 push esi
010094C7 |. 51 push ecx
010094C8 |. 36:8B4D 0C mov ecx, dword ptr [ebp+C]
010094CC |. 8BC1 mov eax, ecx
010094CE |. 83C0 08 add eax, 8
010094D1 |. 50 push eax
010094D2 |. 6A 40 push 40
010094D4 |. 36:8B55 08 mov edx, dword ptr [ebp+8]
010094D8 |. 83C2 08 add edx, 8
010094DB |. FF12 call dword ptr [edx]
010094DD |. 8BD8 mov ebx, eax
010094DF |. 59 pop ecx
010094E0 |. 5E pop esi
010094E1 |. 5F pop edi
010094E2 |. 36:8B55 08 mov edx, dword ptr [ebp+8]
010094E6 |. 81C2 D4050000 add edx, 5D4
010094EC |. 8B02 mov eax, dword ptr [edx]
010094EE |. 8903 mov dword ptr [ebx], eax
010094F0 |. 36:8B4D 0C mov ecx, dword ptr [ebp+C]
010094F4 |. 894B 04 mov dword ptr [ebx+4], ecx
010094F7 |. 56 push esi
010094F8 |. 57 push edi
010094F9 |. 51 push ecx
010094FA |. 53 push ebx
010094FB |. 36:8B4D 0C mov ecx, dword ptr [ebp+C]
010094FF |. 36:8B75 10 mov esi, dword ptr [ebp+10]
01009503 |> AC /lods byte ptr [esi]
01009504 |. 8843 08 |mov byte ptr [ebx+8], al
01009507 |. 43 |inc ebx
01009508 |.^ E2 F9 \loopd short 01009503
0100950A |. 5B pop ebx
0100950B |. 59 pop ecx
0100950C |. 5F pop edi
0100950D |. 5E pop esi
0100950E |. 53 push ebx
0100950F |. 6A 00 push 0
01009511 |. 36:8B55 08 mov edx, dword ptr [ebp+8]
01009515 |. 83C2 34 add edx, 34
01009518 |. 52 push edx
01009519 |. 36:8B4D 0C mov ecx, dword ptr [ebp+C]
0100951D |. 51 push ecx
0100951E |. 36:8B75 10 mov esi, dword ptr [ebp+10]
01009522 |. 56 push esi
01009523 |. 8BC1 mov eax, ecx
01009525 |. 83C0 08 add eax, 8
01009528 |. 50 push eax
01009529 |. 53 push ebx
0100952A |. 36:8B55 08 mov edx, dword ptr [ebp+8]
0100952E |. 83C2 28 add edx, 28
01009531 |. 8B02 mov eax, dword ptr [edx]
01009533 |. 83F8 00 cmp eax, 0
01009536 |. 75 0B jnz short 01009543
01009538 |. 36:8B55 08 mov edx, dword ptr [ebp+8]
0100953C |. 83C2 2C add edx, 2C
0100953F |. 8B02 mov eax, dword ptr [edx]
01009541 |. EB 09 jmp short 0100954C
01009543 |> 36:8B55 08 mov edx, dword ptr [ebp+8]
01009547 |. 83C2 30 add edx, 30
0100954A |. 8B02 mov eax, dword ptr [edx]
0100954C |> 50 push eax
0100954D |. 36:8B55 08 mov edx, dword ptr [ebp+8]
01009551 |. 83C2 20 add edx, 20
01009554 |. 8B02 mov eax, dword ptr [edx]
01009556 |. 50 push eax
01009557 |. 36:8B55 08 mov edx, dword ptr [ebp+8]
0100955B |. 83C2 1C add edx, 1C
0100955E |. FF12 call dword ptr [edx]
01009560 |. 5B pop ebx
01009561 |. 53 push ebx
01009562 |. 36:8B55 08 mov edx, dword ptr [ebp+8]
01009566 |. 83C2 0C add edx, 0C
01009569 |. FF12 call dword ptr [edx]
0100956B |. 36:8B55 08 mov edx, dword ptr [ebp+8]
0100956F |. 83C2 20 add edx, 20
01009572 |. 8B02 mov eax, dword ptr [edx]
01009574 |. 50 push eax
01009575 |. 36:8B55 08 mov edx, dword ptr [ebp+8]
01009579 |. 83C2 18 add edx, 18
0100957C |. FF12 call dword ptr [edx]
0100957E |. 36:8B55 14 mov edx, dword ptr [ebp+14]
01009582 |. 8B12 mov edx, dword ptr [edx]
01009584 |. 8B52 10 mov edx, dword ptr [edx+10]
01009587 |. 8B42 34 mov eax, dword ptr [edx+34]
0100958A |. 8B5A 38 mov ebx, dword ptr [edx+38]
0100958D |. 3BC3 cmp eax, ebx
0100958F |. 74 10 je short 010095A1
01009591 |. 36:8B7D 10 mov edi, dword ptr [ebp+10]
01009595 |. 57 push edi
01009596 |. 36:8B5D 0C mov ebx, dword ptr [ebp+C]
0100959A |. 53 push ebx
0100959B |. 52 push edx
0100959C |. 0352 04 add edx, dword ptr [edx+4]
0100959F |. FFD2 call edx
010095A1 |> 5F pop edi
010095A2 |. 5E pop esi
010095A3 |. 5A pop edx
010095A4 |. 59 pop ecx
010095A5 |. 5B pop ebx
010095A6 |. 58 pop eax
010095A7 |. C9 leave
010095A8 \. C2 1000 retn 10
010095AB /. 55 push ebp
010095AC |. 8BEC mov ebp, esp
010095AE |. 50 push eax
010095AF |. 53 push ebx
010095B0 |. 51 push ecx
010095B1 |. 52 push edx
010095B2 |. 56 push esi
010095B3 |. 57 push edi
010095B4 |. 36:8B75 08 mov esi, dword ptr [ebp+8]
010095B8 |. 36:8B55 08 mov edx, dword ptr [ebp+8]
010095BC |. 8B3A mov edi, dword ptr [edx]
010095BE |. 83C2 3C add edx, 3C
010095C1 |. 8B1A mov ebx, dword ptr [edx]
010095C3 |. 8BCF mov ecx, edi
010095C5 |> C603 00 /mov byte ptr [ebx], 0
010095C8 |. 43 |inc ebx
010095C9 |.^ E2 FA \loopd short 010095C5
010095CB |. 5F pop edi
010095CC |. 5E pop esi
010095CD |. 5A pop edx
010095CE |. 59 pop ecx
010095CF |. 5B pop ebx
010095D0 |. 58 pop eax
010095D1 |. C9 leave
010095D2 \. C2 0400 retn 4
01009EC0 . 52000000 dd 00000052
01009EC4 . E9020000 dd 000002E9
01009EC8 . BDFD807C dd kernel32.GlobalAlloc
01009ECC . BFFC807C dd kernel32.GlobalFree
01009ED0 . FACA817C dd kernel32.ExitProcess
01009ED4 . 281A807C dd kernel32.CreateFileA
01009ED8 . D79B807C dd kernel32.CloseHandle
01009EDC . 2916807C dd kernel32.DeviceIoControl
01009EE0 . 54000000 dd 00000054
01009EE4 . B3260000 dd 000026B3
01009EE8 . 01000000 dd 00000001
01009EEC . 00212200 dd 00222100
01009EF0 . 40222200 dd 00222240
01009EF4 . 00000000 dd 00000000
01009EF8 . 00004000 dd 00400000
01009EFC . 00000000 dd 00000000
01009F00 . 5C 5C 2E 5C 47 6A 67 6C>ascii "\\.\GjgllyDevice"
01009F10 . 30 00 ascii "0",0
01009F12 /. 55 push ebp
01009F13 |. 8BEC mov ebp, esp
01009F15 |. 50 push eax
01009F16 |. 53 push ebx
01009F17 |. 51 push ecx
01009F18 |. 52 push edx
01009F19 |. 56 push esi
01009F1A |. 57 push edi
01009F1B |. 36:8B55 08 mov edx, dword ptr [ebp+8]
01009F1F |. 36:8B45 0C mov eax, dword ptr [ebp+C]
01009F23 |. 8902 mov dword ptr [edx], eax
01009F25 |. 83C2 3C add edx, 3C
01009F28 |. 36:8B45 10 mov eax, dword ptr [ebp+10]
01009F2C |. 8902 mov dword ptr [edx], eax
01009F2E |. 50 push eax
01009F2F |. 53 push ebx
01009F30 |. 51 push ecx
01009F31 |. 52 push edx
01009F32 |. 56 push esi
01009F33 |. 57 push edi
01009F34 |. 36:8B75 10 mov esi, dword ptr [ebp+10]
01009F38 |. B9 23000000 mov ecx, 23
01009F3D |. 2BF1 sub esi, ecx
01009F3F |. 8B5E 03 mov ebx, dword ptr [esi+3]
01009F42 |. 36:8B55 08 mov edx, dword ptr [ebp+8]
01009F46 |. 81C2 D0050000 add edx, 5D0
01009F4C |. 891A mov dword ptr [edx], ebx
01009F4E |. 36:8B55 08 mov edx, dword ptr [ebp+8]
01009F52 |. 83C2 24 add edx, 24
01009F55 |. 8B1A mov ebx, dword ptr [edx]
01009F57 |. 895E 03 mov dword ptr [esi+3], ebx
01009F5A |. 8B5E 09 mov ebx, dword ptr [esi+9]
01009F5D |. 36:8B55 08 mov edx, dword ptr [ebp+8]
01009F61 |. 81C2 CC050000 add edx, 5CC
01009F67 |. 891A mov dword ptr [edx], ebx
01009F69 |. 36:8B55 08 mov edx, dword ptr [ebp+8]
01009F6D |. 83C2 24 add edx, 24
01009F70 |. 8B1A mov ebx, dword ptr [edx]
01009F72 |. 895E 09 mov dword ptr [esi+9], ebx
01009F75 |. 36:8B75 10 mov esi, dword ptr [ebp+10]
01009F79 |. 36:0375 0C add esi, dword ptr [ebp+C]
01009F7D |. 8B5E 03 mov ebx, dword ptr [esi+3]
01009F80 |. 36:8B55 08 mov edx, dword ptr [ebp+8]
01009F84 |. 81C2 C8050000 add edx, 5C8
01009F8A |. 891A mov dword ptr [edx], ebx
01009F8C |. 36:8B55 08 mov edx, dword ptr [ebp+8]
01009F90 |. 83C2 24 add edx, 24
01009F93 |. 8B1A mov ebx, dword ptr [edx]
01009F95 |. 895E 03 mov dword ptr [esi+3], ebx
01009F98 |. BF 00000000 mov edi, 0
01009F9D |. 36:8B75 10 mov esi, dword ptr [ebp+10]
01009FA1 |. B9 23000000 mov ecx, 23
01009FA6 |. 2BF1 sub esi, ecx
01009FA8 |. D1E9 shr ecx, 1
01009FAA |. D1E9 shr ecx, 1
01009FAC |. 36:8B55 08 mov edx, dword ptr [ebp+8]
01009FB0 |. 83C2 24 add edx, 24
01009FB3 |. 8B1A mov ebx, dword ptr [edx]
01009FB5 |> AD /lods dword ptr [esi]
01009FB6 |. 86C4 |xchg ah, al
01009FB8 |. 33C3 |xor eax, ebx
01009FBA |. 03F8 |add edi, eax
01009FBC |. 36:8B55 08 |mov edx, dword ptr [ebp+8]
01009FC0 |. 83C2 28 |add edx, 28
01009FC3 |. 8B02 |mov eax, dword ptr [edx]
01009FC5 |. 83F8 00 |cmp eax, 0
01009FC8 |. 74 02 |je short 01009FCC
01009FCA |. D1C7 |rol edi, 1
01009FCC |>^ E2 E7 \loopd short 01009FB5
01009FCE |. 36:8B75 10 mov esi, dword ptr [ebp+10]
01009FD2 |. 36:0375 0C add esi, dword ptr [ebp+C]
01009FD6 |. B9 16000000 mov ecx, 16
01009FDB |. D1E9 shr ecx, 1
01009FDD |. D1E9 shr ecx, 1
01009FDF |> AD /lods dword ptr [esi]
01009FE0 |. 86C4 |xchg ah, al
01009FE2 |. 33C3 |xor eax, ebx
01009FE4 |. 03F8 |add edi, eax
01009FE6 |. 36:8B55 08 |mov edx, dword ptr [ebp+8]
01009FEA |. 83C2 28 |add edx, 28
01009FED |. 8B02 |mov eax, dword ptr [edx]
01009FEF |. 83F8 00 |cmp eax, 0
01009FF2 |. 74 02 |je short 01009FF6
01009FF4 |. D1CF |ror edi, 1
01009FF6 |>^ E2 E7 \loopd short 01009FDF
01009FF8 |. 36:8B55 08 mov edx, dword ptr [ebp+8]
01009FFC |. 81C2 D4050000 add edx, 5D4
0100A002 |. 893A mov dword ptr [edx], edi
0100A004 |. 36:8B75 10 mov esi, dword ptr [ebp+10]
0100A008 |. B9 23000000 mov ecx, 23
0100A00D |. 2BF1 sub esi, ecx
0100A00F |. 36:8B55 08 mov edx, dword ptr [ebp+8]
0100A013 |. 81C2 D0050000 add edx, 5D0
0100A019 |. 8B1A mov ebx, dword ptr [edx]
0100A01B |. 895E 03 mov dword ptr [esi+3], ebx
0100A01E |. 36:8B55 08 mov edx, dword ptr [ebp+8]
0100A022 |. 81C2 CC050000 add edx, 5CC
0100A028 |. 8B1A mov ebx, dword ptr [edx]
0100A02A |. 895E 09 mov dword ptr [esi+9], ebx
0100A02D |. 36:8B75 10 mov esi, dword ptr [ebp+10]
0100A031 |. 36:0375 0C add esi, dword ptr [ebp+C]
0100A035 |. 36:8B55 08 mov edx, dword ptr [ebp+8]
0100A039 |. 81C2 C8050000 add edx, 5C8
0100A03F |. 8B1A mov ebx, dword ptr [edx]
0100A041 |. 895E 03 mov dword ptr [esi+3], ebx
0100A044 |. 5F pop edi
0100A045 |. 5E pop esi
0100A046 |. 5A pop edx
0100A047 |. 59 pop ecx
0100A048 |. 5B pop ebx
0100A049 |. 58 pop eax
0100A04A |. 36:8B4D 0C mov ecx, dword ptr [ebp+C]
0100A04E |. 8BC1 mov eax, ecx
0100A050 |. 83C0 08 add eax, 8
0100A053 |. 50 push eax
0100A054 |. 6A 40 push 40
0100A056 |. 36:8B55 08 mov edx, dword ptr [ebp+8]
0100A05A |. 83C2 08 add edx, 8
0100A05D |. FF12 call dword ptr [edx]
0100A05F |. 8BD8 mov ebx, eax
0100A061 |. 36:8B55 08 mov edx, dword ptr [ebp+8]
0100A065 |. 83C2 38 add edx, 38
0100A068 |. 891A mov dword ptr [edx], ebx
0100A06A |. 36:8B4D 0C mov ecx, dword ptr [ebp+C]
0100A06E |. 36:8B75 10 mov esi, dword ptr [ebp+10]
0100A072 |> AC /lods byte ptr [esi]
0100A073 |. 8803 |mov byte ptr [ebx], al
0100A075 |. 43 |inc ebx
0100A076 |.^ E2 FA \loopd short 0100A072
0100A078 |. 36:8B55 14 mov edx, dword ptr [ebp+14]
0100A07C |. 8B12 mov edx, dword ptr [edx]
0100A07E |. 8B52 10 mov edx, dword ptr [edx+10]
0100A081 |. 8B42 34 mov eax, dword ptr [edx+34]
0100A084 |. 8B5A 38 mov ebx, dword ptr [edx+38]
0100A087 |. 3BC3 cmp eax, ebx
0100A089 |. 74 0F je short 0100A09A
0100A08B |. 36:8B7D 10 mov edi, dword ptr [ebp+10]
0100A08F |. 57 push edi
0100A090 |. 36:8B5D 0C mov ebx, dword ptr [ebp+C]
0100A094 |. 53 push ebx
0100A095 |. 52 push edx
0100A096 |. 0312 add edx, dword ptr [edx]
0100A098 |. FFD2 call edx
0100A09A |> 36:8B7D 08 mov edi, dword ptr [ebp+8]
0100A09E |. 83C7 40 add edi, 40
0100A0A1 |. 6A 00 push 0
0100A0A3 |. 6A 00 push 0
0100A0A5 |. 6A 03 push 3
0100A0A7 |. 6A 00 push 0
0100A0A9 |. 6A 01 push 1
0100A0AB |. 68 000000C0 push C0000000
0100A0B0 |. 57 push edi
0100A0B1 |. 36:8B55 08 mov edx, dword ptr [ebp+8]
0100A0B5 |. 83C2 14 add edx, 14
0100A0B8 |. FF12 call dword ptr [edx]
0100A0BA |. 36:8B55 08 mov edx, dword ptr [ebp+8]
0100A0BE |. 83C2 20 add edx, 20
0100A0C1 |. 8902 mov dword ptr [edx], eax
0100A0C3 |. 57 push edi
0100A0C4 |. 56 push esi
0100A0C5 |. 51 push ecx
0100A0C6 |. 36:8B4D 0C mov ecx, dword ptr [ebp+C]
0100A0CA |. 8BC1 mov eax, ecx
0100A0CC |. 83C0 08 add eax, 8
0100A0CF |. 50 push eax
0100A0D0 |. 6A 40 push 40
0100A0D2 |. 36:8B55 08 mov edx, dword ptr [ebp+8]
0100A0D6 |. 83C2 08 add edx, 8
0100A0D9 |. FF12 call dword ptr [edx]
0100A0DB |. 8BD8 mov ebx, eax
0100A0DD |. 59 pop ecx
0100A0DE |. 5E pop esi
0100A0DF |. 5F pop edi
0100A0E0 |. 36:8B55 08 mov edx, dword ptr [ebp+8]
0100A0E4 |. 81C2 D4050000 add edx, 5D4
0100A0EA |. 8B02 mov eax, dword ptr [edx]
0100A0EC |. 8903 mov dword ptr [ebx], eax
0100A0EE |. 36:8B4D 0C mov ecx, dword ptr [ebp+C]
0100A0F2 |. 894B 04 mov dword ptr [ebx+4], ecx
0100A0F5 |. 56 push esi
0100A0F6 |. 57 push edi
0100A0F7 |. 51 push ecx
0100A0F8 |. 53 push ebx
0100A0F9 |. 36:8B4D 0C mov ecx, dword ptr [ebp+C]
0100A0FD |. 36:8B75 10 mov esi, dword ptr [ebp+10]
0100A101 |> AC /lods byte ptr [esi]
0100A102 |. 8843 08 |mov byte ptr [ebx+8], al
0100A105 |. 43 |inc ebx
0100A106 |.^ E2 F9 \loopd short 0100A101
0100A108 |. 5B pop ebx
0100A109 |. 59 pop ecx
0100A10A |. 5F pop edi
0100A10B |. 5E pop esi
0100A10C |. 53 push ebx
0100A10D |. 6A 00 push 0
0100A10F |. 36:8B55 08 mov edx, dword ptr [ebp+8]
0100A113 |. 83C2 34 add edx, 34
0100A116 |. 52 push edx
0100A117 |. 36:8B4D 0C mov ecx, dword ptr [ebp+C]
0100A11B |. 51 push ecx
0100A11C |. 36:8B75 10 mov esi, dword ptr [ebp+10]
0100A120 |. 56 push esi
0100A121 |. 8BC1 mov eax, ecx
0100A123 |. 83C0 08 add eax, 8
0100A126 |. 50 push eax
0100A127 |. 53 push ebx
0100A128 |. 36:8B55 08 mov edx, dword ptr [ebp+8]
0100A12C |. 83C2 28 add edx, 28
0100A12F |. 8B02 mov eax, dword ptr [edx]
0100A131 |. 83F8 00 cmp eax, 0
0100A134 |. 75 0B jnz short 0100A141
0100A136 |. 36:8B55 08 mov edx, dword ptr [ebp+8]
0100A13A |. 83C2 2C add edx, 2C
0100A13D |. 8B02 mov eax, dword ptr [edx]
0100A13F |. EB 09 jmp short 0100A14A
0100A141 |> 36:8B55 08 mov edx, dword ptr [ebp+8]
0100A145 |. 83C2 30 add edx, 30
0100A148 |. 8B02 mov eax, dword ptr [edx]
0100A14A |> 50 push eax
0100A14B |. 36:8B55 08 mov edx, dword ptr [ebp+8]
0100A14F |. 83C2 20 add edx, 20
0100A152 |. 8B02 mov eax, dword ptr [edx]
0100A154 |. 50 push eax
0100A155 |. 36:8B55 08 mov edx, dword ptr [ebp+8]
0100A159 |. 83C2 1C add edx, 1C
0100A15C |. FF12 call dword ptr [edx]
0100A15E |. 5B pop ebx
0100A15F |. 53 push ebx
0100A160 |. 36:8B55 08 mov edx, dword ptr [ebp+8]
0100A164 |. 83C2 0C add edx, 0C
0100A167 |. FF12 call dword ptr [edx]
0100A169 |. 36:8B55 08 mov edx, dword ptr [ebp+8]
0100A16D |. 83C2 20 add edx, 20
0100A170 |. 8B02 mov eax, dword ptr [edx]
0100A172 |. 50 push eax
0100A173 |. 36:8B55 08 mov edx, dword ptr [ebp+8]
0100A177 |. 83C2 18 add edx, 18
0100A17A |. FF12 call dword ptr [edx]
0100A17C |. 36:8B55 14 mov edx, dword ptr [ebp+14]
0100A180 |. 8B12 mov edx, dword ptr [edx]
0100A182 |. 8B52 10 mov edx, dword ptr [edx+10]
0100A185 |. 8B42 34 mov eax, dword ptr [edx+34]
0100A188 |. 8B5A 38 mov ebx, dword ptr [edx+38]
0100A18B |. 3BC3 cmp eax, ebx
0100A18D |. 74 10 je short 0100A19F
0100A18F |. 36:8B7D 10 mov edi, dword ptr [ebp+10]
0100A193 |. 57 push edi
0100A194 |. 36:8B5D 0C mov ebx, dword ptr [ebp+C]
0100A198 |. 53 push ebx
0100A199 |. 52 push edx
0100A19A |. 0352 04 add edx, dword ptr [edx+4]
0100A19D |. FFD2 call edx
0100A19F |> 5F pop edi
0100A1A0 |. 5E pop esi
0100A1A1 |. 5A pop edx
0100A1A2 |. 59 pop ecx
0100A1A3 |. 5B pop ebx
0100A1A4 |. 58 pop eax
0100A1A5 |. C9 leave
0100A1A6 \. C2 1000 retn 10
0100A1A9 /. 55 push ebp
0100A1AA |. 8BEC mov ebp, esp
0100A1AC |. 50 push eax
0100A1AD |. 53 push ebx
0100A1AE |. 51 push ecx
0100A1AF |. 52 push edx
0100A1B0 |. 56 push esi
0100A1B1 |. 57 push edi
0100A1B2 |. 36:8B55 08 mov edx, dword ptr [ebp+8]
0100A1B6 |. 83C2 38 add edx, 38
0100A1B9 |. 8B32 mov esi, dword ptr [edx]
0100A1BB |. 36:8B55 08 mov edx, dword ptr [ebp+8]
0100A1BF |. 8B7A 3C mov edi, dword ptr [edx+3C]
0100A1C2 |. FC cld
0100A1C3 |. 8B0A mov ecx, dword ptr [edx]
0100A1C5 |. F3:A4 rep movs byte ptr es:[edi], byte ptr>
0100A1C7 |. 36:8B55 08 mov edx, dword ptr [ebp+8]
0100A1CB |. 83C2 38 add edx, 38
0100A1CE |. 8B1A mov ebx, dword ptr [edx]
0100A1D0 |. 53 push ebx
0100A1D1 |. 36:8B55 08 mov edx, dword ptr [ebp+8]
0100A1D5 |. 83C2 0C add edx, 0C
0100A1D8 |. FF12 call dword ptr [edx]
0100A1DA |. 5F pop edi
0100A1DB |. 5E pop esi
0100A1DC |. 5A pop edx
0100A1DD |. 59 pop ecx
0100A1DE |. 5B pop ebx
0100A1DF |. 58 pop eax
0100A1E0 |. C9 leave
0100A1E1 \. C2 0400 retn 4
0100A4A8 . 7E000000 dd 0000007E
0100A4AC . 38030000 dd 00000338
0100A4B0 . BDFD807C dd kernel32.GlobalAlloc
0100A4B4 . BFFC807C dd kernel32.GlobalFree
0100A4B8 . FACA817C dd kernel32.ExitProcess
0100A4BC . 281A807C dd kernel32.CreateFileA
0100A4C0 . D79B807C dd kernel32.CloseHandle
0100A4C4 . 2916807C dd kernel32.DeviceIoControl
0100A4C8 . 54000000 dd 00000054
0100A4CC . B3260000 dd 000026B3
0100A4D0 . 01000000 dd 00000001
0100A4D4 . 00212200 dd 00222100
0100A4D8 . 40222200 dd 00222240
0100A4DC . 00000000 dd 00000000
0100A4E0 . 00004000 dd 00400000
0100A4E4 . 00000000 dd 00000000
0100A4E8 . 5C 5C 2E 5C 47 6A 67 6C>ascii "\\.\GjgllyDevice"
0100A4F8 . 30 00 ascii "0",0
0100A4FA . 00000000 dd 00000000
0100A4FE . 00000000 dd 00000000
0100A502 . 00000000 dd 00000000
0100A506 . 00000000 dd 00000000
0100A50A . 00000000 dd 00000000
0100A50E . 00000000 dd 00000000
0100A512 . 00000000 dd 00000000
0100A516 . 00000000 dd 00000000
0100A51A . 8C202200 dd 0022208C
0100A51E . 21000000 dd 00000021
0100A522 . A0202200 dd 002220A0
0100A526 /. 55 push ebp
0100A527 |. 8BEC mov ebp, esp
0100A529 |. 50 push eax
0100A52A |. 53 push ebx
0100A52B |. 51 push ecx
0100A52C |. 52 push edx
0100A52D |. 56 push esi
0100A52E |. 57 push edi
0100A52F |. 36:8B55 08 mov edx, dword ptr [ebp+8]
0100A533 |. 36:8B45 0C mov eax, dword ptr [ebp+C]
0100A537 |. 8902 mov dword ptr [edx], eax
0100A539 |. 83C2 3C add edx, 3C
0100A53C |. 36:8B45 10 mov eax, dword ptr [ebp+10]
0100A540 |. 8902 mov dword ptr [edx], eax
0100A542 |. 50 push eax
0100A543 |. 53 push ebx
0100A544 |. 51 push ecx
0100A545 |. 52 push edx
0100A546 |. 56 push esi
0100A547 |. 57 push edi
0100A548 |. 36:8B75 10 mov esi, dword ptr [ebp+10]
0100A54C |. B9 23000000 mov ecx, 23
0100A551 |. 2BF1 sub esi, ecx
0100A553 |. 8B5E 03 mov ebx, dword ptr [esi+3]
0100A556 |. 36:8B55 08 mov edx, dword ptr [ebp+8]
0100A55A |. 81C2 D0050000 add edx, 5D0
0100A560 |. 891A mov dword ptr [edx], ebx
0100A562 |. 36:8B55 08 mov edx, dword ptr [ebp+8]
0100A566 |. 83C2 24 add edx, 24
0100A569 |. 8B1A mov ebx, dword ptr [edx]
0100A56B |. 895E 03 mov dword ptr [esi+3], ebx
0100A56E |. 8B5E 09 mov ebx, dword ptr [esi+9]
0100A571 |. 36:8B55 08 mov edx, dword ptr [ebp+8]
0100A575 |. 81C2 CC050000 add edx, 5CC
0100A57B |. 891A mov dword ptr [edx], ebx
0100A57D |. 36:8B55 08 mov edx, dword ptr [ebp+8]
0100A581 |. 83C2 24 add edx, 24
0100A584 |. 8B1A mov ebx, dword ptr [edx]
0100A586 |. 895E 09 mov dword ptr [esi+9], ebx
0100A589 |. 36:8B75 10 mov esi, dword ptr [ebp+10]
0100A58D |. 36:0375 0C add esi, dword ptr [ebp+C]
0100A591 |. 8B5E 03 mov ebx, dword ptr [esi+3]
0100A594 |. 36:8B55 08 mov edx, dword ptr [ebp+8]
0100A598 |. 81C2 C8050000 add edx, 5C8
0100A59E |. 891A mov dword ptr [edx], ebx
0100A5A0 |. 36:8B55 08 mov edx, dword ptr [ebp+8]
0100A5A4 |. 83C2 24 add edx, 24
0100A5A7 |. 8B1A mov ebx, dword ptr [edx]
0100A5A9 |. 895E 03 mov dword ptr [esi+3], ebx
0100A5AC |. BF 00000000 mov edi, 0
0100A5B1 |. 36:8B75 10 mov esi, dword ptr [ebp+10]
0100A5B5 |. B9 23000000 mov ecx, 23
0100A5BA |. 2BF1 sub esi, ecx
0100A5BC |. D1E9 shr ecx, 1
0100A5BE |. D1E9 shr ecx, 1
0100A5C0 |. 36:8B55 08 mov edx, dword ptr [ebp+8]
0100A5C4 |. 83C2 24 add edx, 24
0100A5C7 |. 8B1A mov ebx, dword ptr [edx]
0100A5C9 |> AD /lods dword ptr [esi]
0100A5CA |. 86C4 |xchg ah, al
0100A5CC |. 33C3 |xor eax, ebx
0100A5CE |. 03F8 |add edi, eax
0100A5D0 |. 36:8B55 08 |mov edx, dword ptr [ebp+8]
0100A5D4 |. 83C2 28 |add edx, 28
0100A5D7 |. 8B02 |mov eax, dword ptr [edx]
0100A5D9 |. 83F8 00 |cmp eax, 0
0100A5DC |. 74 02 |je short 0100A5E0
0100A5DE |. D1C7 |rol edi, 1
0100A5E0 |>^ E2 E7 \loopd short 0100A5C9
0100A5E2 |. 36:8B75 10 mov esi, dword ptr [ebp+10]
0100A5E6 |. 36:0375 0C add esi, dword ptr [ebp+C]
0100A5EA |. B9 16000000 mov ecx, 16
0100A5EF |. D1E9 shr ecx, 1
0100A5F1 |. D1E9 shr ecx, 1
0100A5F3 |> AD /lods dword ptr [esi]
0100A5F4 |. 86C4 |xchg ah, al
0100A5F6 |. 33C3 |xor eax, ebx
0100A5F8 |. 03F8 |add edi, eax
0100A5FA |. 36:8B55 08 |mov edx, dword ptr [ebp+8]
0100A5FE |. 83C2 28 |add edx, 28
0100A601 |. 8B02 |mov eax, dword ptr [edx]
0100A603 |. 83F8 00 |cmp eax, 0
0100A606 |. 74 02 |je short 0100A60A
0100A608 |. D1CF |ror edi, 1
0100A60A |>^ E2 E7 \loopd short 0100A5F3
0100A60C |. 36:8B55 08 mov edx, dword ptr [ebp+8]
0100A610 |. 81C2 D4050000 add edx, 5D4
0100A616 |. 893A mov dword ptr [edx], edi
0100A618 |. 36:8B75 10 mov esi, dword ptr [ebp+10]
0100A61C |. B9 23000000 mov ecx, 23
0100A621 |. 2BF1 sub esi, ecx
0100A623 |. 36:8B55 08 mov edx, dword ptr [ebp+8]
0100A627 |. 81C2 D0050000 add edx, 5D0
0100A62D |. 8B1A mov ebx, dword ptr [edx]
0100A62F |. 895E 03 mov dword ptr [esi+3], ebx
0100A632 |. 36:8B55 08 mov edx, dword ptr [ebp+8]
0100A636 |. 81C2 CC050000 add edx, 5CC
0100A63C |. 8B1A mov ebx, dword ptr [edx]
0100A63E |. 895E 09 mov dword ptr [esi+9], ebx
0100A641 |. 36:8B75 10 mov esi, dword ptr [ebp+10]
0100A645 |. 36:0375 0C add esi, dword ptr [ebp+C]
0100A649 |. 36:8B55 08 mov edx, dword ptr [ebp+8]
0100A64D |. 81C2 C8050000 add edx, 5C8
0100A653 |. 8B1A mov ebx, dword ptr [edx]
0100A655 |. 895E 03 mov dword ptr [esi+3], ebx
0100A658 |. 5F pop edi
0100A659 |. 5E pop esi
0100A65A |. 5A pop edx
0100A65B |. 59 pop ecx
0100A65C |. 5B pop ebx
0100A65D |. 58 pop eax
0100A65E |. 36:8B4D 0C mov ecx, dword ptr [ebp+C]
0100A662 |. 8BC1 mov eax, ecx
0100A664 |. 83C0 08 add eax, 8
0100A667 |. 50 push eax
0100A668 |. 6A 40 push 40
0100A66A |. 36:8B55 08 mov edx, dword ptr [ebp+8]
0100A66E |. 83C2 08 add edx, 8
0100A671 |. FF12 call dword ptr [edx]
0100A673 |. 8BD8 mov ebx, eax
0100A675 |. 36:8B55 08 mov edx, dword ptr [ebp+8]
0100A679 |. 83C2 38 add edx, 38
0100A67C |. 891A mov dword ptr [edx], ebx
0100A67E |. 36:8B4D 0C mov ecx, dword ptr [ebp+C]
0100A682 |. 36:8B75 10 mov esi, dword ptr [ebp+10]
0100A686 |> AC /lods byte ptr [esi]
0100A687 |. 8803 |mov byte ptr [ebx], al
0100A689 |. 43 |inc ebx
0100A68A |.^ E2 FA \loopd short 0100A686
0100A68C |. 36:8B55 14 mov edx, dword ptr [ebp+14]
0100A690 |. 8B12 mov edx, dword ptr [edx]
0100A692 |. 8B52 10 mov edx, dword ptr [edx+10]
0100A695 |. 8B42 34 mov eax, dword ptr [edx+34]
0100A698 |. 8B5A 38 mov ebx, dword ptr [edx+38]
0100A69B |. 3BC3 cmp eax, ebx
0100A69D |. 74 0F je short 0100A6AE
0100A69F |. 36:8B7D 10 mov edi, dword ptr [ebp+10]
0100A6A3 |. 57 push edi
0100A6A4 |. 36:8B5D 0C mov ebx, dword ptr [ebp+C]
0100A6A8 |. 53 push ebx
0100A6A9 |. 52 push edx
0100A6AA |. 0312 add edx, dword ptr [edx]
0100A6AC |. FFD2 call edx
0100A6AE |> 57 push edi
0100A6AF |. 56 push esi
0100A6B0 |. 51 push ecx
0100A6B1 |. 36:8B4D 0C mov ecx, dword ptr [ebp+C]
0100A6B5 |. 8BC1 mov eax, ecx
0100A6B7 |. 83C0 12 add eax, 12
0100A6BA |. 50 push eax
0100A6BB |. 6A 40 push 40
0100A6BD |. 36:8B55 08 mov edx, dword ptr [ebp+8]
0100A6C1 |. 83C2 08 add edx, 8
0100A6C4 |. FF12 call dword ptr [edx]
0100A6C6 |. 8BD8 mov ebx, eax
0100A6C8 |. 59 pop ecx
0100A6C9 |. 5E pop esi
0100A6CA |. 5F pop edi
0100A6CB |. 36:8B55 08 mov edx, dword ptr [ebp+8]
0100A6CF |. 83C2 28 add edx, 28
0100A6D2 |. 8B02 mov eax, dword ptr [edx]
0100A6D4 |. 83F8 00 cmp eax, 0
0100A6D7 |. 75 0B jnz short 0100A6E4
0100A6D9 |. 36:8B55 08 mov edx, dword ptr [ebp+8]
0100A6DD |. 83C2 52 add edx, 52
0100A6E0 |. 8B02 mov eax, dword ptr [edx]
0100A6E2 |. EB 09 jmp short 0100A6ED
0100A6E4 |> 36:8B55 08 mov edx, dword ptr [ebp+8]
0100A6E8 |. 83C2 5A add edx, 5A
0100A6EB |. 8B02 mov eax, dword ptr [edx]
0100A6ED |> 25 FFFF0000 and eax, 0FFFF
0100A6F2 |. 8903 mov dword ptr [ebx], eax
0100A6F4 |. 36:8B55 08 mov edx, dword ptr [ebp+8]
0100A6F8 |. 8B42 76 mov eax, dword ptr [edx+76]
0100A6FB |. 8943 04 mov dword ptr [ebx+4], eax
0100A6FE |. 36:8B45 0C mov eax, dword ptr [ebp+C]
0100A702 |. 8943 08 mov dword ptr [ebx+8], eax
0100A705 |. 56 push esi
0100A706 |. 57 push edi
0100A707 |. 51 push ecx
0100A708 |. 53 push ebx
0100A709 |. 36:8B4D 0C mov ecx, dword ptr [ebp+C]
0100A70D |. 36:8B75 10 mov esi, dword ptr [ebp+10]
0100A711 |> AC /lods byte ptr [esi]
0100A712 |. 8843 0C |mov byte ptr [ebx+C], al
0100A715 |. 43 |inc ebx
0100A716 |.^ E2 F9 \loopd short 0100A711
0100A718 |. 5B pop ebx
0100A719 |. 59 pop ecx
0100A71A |. 5F pop edi
0100A71B |. 5E pop esi
0100A71C |. 53 push ebx
0100A71D |. 36:8B4D 0C mov ecx, dword ptr [ebp+C]
0100A721 |. 83C3 0C add ebx, 0C
0100A724 |. 03D9 add ebx, ecx
0100A726 |. 66:C703 0100 mov word ptr [ebx], 1
0100A72B |. 83C3 02 add ebx, 2
0100A72E |. 36:8B55 08 mov edx, dword ptr [ebp+8]
0100A732 |. 81C2 D4050000 add edx, 5D4
0100A738 |. 8B02 mov eax, dword ptr [edx]
0100A73A |. 8903 mov dword ptr [ebx], eax
0100A73C |. 5B pop ebx
0100A73D |. 53 push ebx
0100A73E |. 6A 00 push 0
0100A740 |. 36:8B55 08 mov edx, dword ptr [ebp+8]
0100A744 |. 83C2 34 add edx, 34
0100A747 |. 52 push edx
0100A748 |. 36:8B4D 0C mov ecx, dword ptr [ebp+C]
0100A74C |. 51 push ecx
0100A74D |. 36:8B75 10 mov esi, dword ptr [ebp+10]
0100A751 |. 56 push esi
0100A752 |. 8BC1 mov eax, ecx
0100A754 |. 83C0 12 add eax, 12
0100A757 |. 50 push eax
0100A758 |. 53 push ebx
0100A759 |. 36:8B55 08 mov edx, dword ptr [ebp+8]
0100A75D |. 83C2 28 add edx, 28
0100A760 |. 8B02 mov eax, dword ptr [edx]
0100A762 |. 83F8 00 cmp eax, 0
0100A765 |. 75 0B jnz short 0100A772
0100A767 |. 36:8B55 08 mov edx, dword ptr [ebp+8]
0100A76B |. 83C2 7A add edx, 7A
0100A76E |. 8B02 mov eax, dword ptr [edx]
0100A770 |. EB 09 jmp short 0100A77B
0100A772 |> 36:8B55 08 mov edx, dword ptr [ebp+8]
0100A776 |. 83C2 72 add edx, 72
0100A779 |. 8B02 mov eax, dword ptr [edx]
0100A77B |> 50 push eax
0100A77C |. 36:8B55 08 mov edx, dword ptr [ebp+8]
0100A780 |. 83C2 28 add edx, 28
0100A783 |. 8B02 mov eax, dword ptr [edx]
0100A785 |. 83F8 00 cmp eax, 0
0100A788 |. 75 0B jnz short 0100A795
0100A78A |. 36:8B55 08 mov edx, dword ptr [ebp+8]
0100A78E |. 83C2 62 add edx, 62
0100A791 |. 8B02 mov eax, dword ptr [edx]
0100A793 |. EB 09 jmp short 0100A79E
0100A795 |> 36:8B55 08 mov edx, dword ptr [ebp+8]
0100A799 |. 83C2 6A add edx, 6A
0100A79C |. 8B02 mov eax, dword ptr [edx]
0100A79E |> 50 push eax
0100A79F |. 36:8B55 08 mov edx, dword ptr [ebp+8]
0100A7A3 |. 83C2 1C add edx, 1C
0100A7A6 |. FF12 call dword ptr [edx]
0100A7A8 |. 5B pop ebx
0100A7A9 |. 53 push ebx
0100A7AA |. 36:8B55 08 mov edx, dword ptr [ebp+8]
0100A7AE |. 83C2 0C add edx, 0C
0100A7B1 |. FF12 call dword ptr [edx]
0100A7B3 |. 36:8B55 14 mov edx, dword ptr [ebp+14]
0100A7B7 |. 8B12 mov edx, dword ptr [edx]
0100A7B9 |. 8B52 10 mov edx, dword ptr [edx+10]
0100A7BC |. 8B42 34 mov eax, dword ptr [edx+34]
0100A7BF |. 8B5A 38 mov ebx, dword ptr [edx+38]
0100A7C2 |. 3BC3 cmp eax, ebx
0100A7C4 |. 74 10 je short 0100A7D6
0100A7C6 |. 36:8B7D 10 mov edi, dword ptr [ebp+10]
0100A7CA |. 57 push edi
0100A7CB |. 36:8B5D 0C mov ebx, dword ptr [ebp+C]
0100A7CF |. 53 push ebx
0100A7D0 |. 52 push edx
0100A7D1 |. 0352 04 add edx, dword ptr [edx+4]
0100A7D4 |. FFD2 call edx
0100A7D6 |> 5F pop edi
0100A7D7 |. 5E pop esi
0100A7D8 |. 5A pop edx
0100A7D9 |. 59 pop ecx
0100A7DA |. 5B pop ebx
0100A7DB |. 58 pop eax
0100A7DC |. C9 leave
0100A7DD \. C2 1000 retn 10
0100A7E0 /. 55 push ebp
0100A7E1 |. 8BEC mov ebp, esp
0100A7E3 |. 50 push eax
0100A7E4 |. 53 push ebx
0100A7E5 |. 51 push ecx
0100A7E6 |. 52 push edx
0100A7E7 |. 56 push esi
0100A7E8 |. 57 push edi
0100A7E9 |. 36:8B55 08 mov edx, dword ptr [ebp+8]
0100A7ED |. 83C2 38 add edx, 38
0100A7F0 |. 8B32 mov esi, dword ptr [edx]
0100A7F2 |. 36:8B55 08 mov edx, dword ptr [ebp+8]
0100A7F6 |. 8B7A 3C mov edi, dword ptr [edx+3C]
0100A7F9 |. FC cld
0100A7FA |. 8B0A mov ecx, dword ptr [edx]
0100A7FC |. F3:A4 rep movs byte ptr es:[edi], byte ptr>
0100A7FE |. 36:8B55 08 mov edx, dword ptr [ebp+8]
0100A802 |. 83C2 38 add edx, 38
0100A805 |. 8B1A mov ebx, dword ptr [edx]
0100A807 |. 53 push ebx
0100A808 |. 36:8B55 08 mov edx, dword ptr [ebp+8]
0100A80C |. 83C2 0C add edx, 0C
0100A80F |. FF12 call dword ptr [edx]
0100A811 |. 5F pop edi
0100A812 |. 5E pop esi
0100A813 |. 5A pop edx
0100A814 |. 59 pop ecx
0100A815 |. 5B pop ebx
0100A816 |. 58 pop eax
0100A817 |. C9 leave
0100A818 \. C2 0400 retn 4
0100F7B0 . 44000000 dd 00000044
0100F7B4 . A9010000 dd 000001A9
0100F7B8 . BDFD807C dd kernel32.GlobalAlloc
0100F7BC . BFFC807C dd kernel32.GlobalFree
0100F7C0 . FACA817C dd kernel32.ExitProcess
0100F7C4 . 281A807C dd kernel32.CreateFileA
0100F7C8 . D79B807C dd kernel32.CloseHandle
0100F7CC . 2916807C dd kernel32.DeviceIoControl
0100F7D0 . 54000000 dd 00000054
0100F7D4 . B3260000 dd 000026B3
0100F7D8 . 01000000 dd 00000001
0100F7DC . 00212200 dd 00222100
0100F7E0 . 40222200 dd 00222240
0100F7E4 . 00004000 dd 00400000
0100F7E8 . 00004000 dd 00400000
0100F7EC . 00000000 dd 00000000
0100F7F0 . 4D5A9000 dd 00905A4D
0100F7F4 /. 55 push ebp
0100F7F5 |. 8BEC mov ebp, esp
0100F7F7 |. 50 push eax
0100F7F8 |. 53 push ebx
0100F7F9 |. 51 push ecx
0100F7FA |. 52 push edx
0100F7FB |. 56 push esi
0100F7FC |. 57 push edi
0100F7FD |. 36:8B55 08 mov edx, dword ptr [ebp+8]
0100F801 |. 8B42 34 mov eax, dword ptr [edx+34]
0100F804 |. 36:8B55 08 mov edx, dword ptr [ebp+8]
0100F808 |. 83C2 40 add edx, 40
0100F80B |. 8BF2 mov esi, edx
0100F80D |. 36:8B55 08 mov edx, dword ptr [ebp+8]
0100F811 |. 8B5A 38 mov ebx, dword ptr [edx+38]
0100F814 |. 8BD0 mov edx, eax
0100F816 |. 2BC3 sub eax, ebx
0100F818 |. 8BD8 mov ebx, eax
0100F81A |> 3E:8B06 mov eax, dword ptr [esi]
0100F81D |. 83F8 00 cmp eax, 0
0100F820 |. 0F84 29010000 je 0100F94F
0100F826 |. 03C2 add eax, edx
0100F828 |. 83C6 04 add esi, 4
0100F82B |. 3E:8B0E mov ecx, dword ptr [esi]
0100F82E |. 83C6 04 add esi, 4
0100F831 |. 83E9 08 sub ecx, 8
0100F834 |> 52 /push edx
0100F835 |. 51 |push ecx
0100F836 |. 33D2 |xor edx, edx
0100F838 |. 33C9 |xor ecx, ecx
0100F83A |. 66:3E:8B0E |mov cx, word ptr [esi]
0100F83E |. 83C6 02 |add esi, 2
0100F841 |. 66:8BD1 |mov dx, cx
0100F844 |. 66:C1EA 0C |shr dx, 0C
0100F848 |. 66:81E1 FF0F |and cx, 0FFF
0100F84D |. 50 |push eax
0100F84E |. 52 |push edx
0100F84F |. 53 |push ebx
0100F850 |. 51 |push ecx
0100F851 |. 57 |push edi
0100F852 |. 8BD0 |mov edx, eax
0100F854 |. 03D1 |add edx, ecx
0100F856 |. 36:8B5D 0C |mov ebx, dword ptr [ebp+C]
0100F85A |. 36:8B7D 10 |mov edi, dword ptr [ebp+10]
0100F85E |. 3BD7 |cmp edx, edi
0100F860 |. 72 13 |jb short 0100F875
0100F862 |. 03FB |add edi, ebx
0100F864 |. 3BD7 |cmp edx, edi
0100F866 |. 77 0D |ja short 0100F875
0100F868 |. 5F |pop edi
0100F869 |. 59 |pop ecx
0100F86A |. 5B |pop ebx
0100F86B |. 5A |pop edx
0100F86C |. 58 |pop eax
0100F86D |. 66:83FA 00 |cmp dx, 0
0100F871 |. 75 13 |jnz short 0100F886
0100F873 |. EB 05 |jmp short 0100F87A
0100F875 |> 5F |pop edi
0100F876 |. 59 |pop ecx
0100F877 |. 5B |pop ebx
0100F878 |. 5A |pop edx
0100F879 |. 58 |pop eax
0100F87A |> 59 |pop ecx
0100F87B |. 83E9 02 |sub ecx, 2
0100F87E |. 5A |pop edx
0100F87F |. 83F9 00 |cmp ecx, 0
0100F882 |.^ 74 96 |je short 0100F81A
0100F884 |.^ EB AE |jmp short 0100F834
0100F886 |> 66:83FA 01 |cmp dx, 1
0100F88A |. 75 28 |jnz short 0100F8B4
0100F88C |. 50 |push eax
0100F88D |. 52 |push edx
0100F88E |. 53 |push ebx
0100F88F |. 8BD0 |mov edx, eax
0100F891 |. 03D1 |add edx, ecx
0100F893 |. 3E:8B02 |mov eax, dword ptr [edx]
0100F896 |. 81E3 0000FFFF |and ebx, FFFF0000
0100F89C |. 2BC3 |sub eax, ebx
0100F89E |. 3E:8902 |mov dword ptr [edx], eax
0100F8A1 |. 5B |pop ebx
0100F8A2 |. 5A |pop edx
0100F8A3 |. 58 |pop eax
0100F8A4 |. 59 |pop ecx
0100F8A5 |. 83E9 02 |sub ecx, 2
0100F8A8 |. 5A |pop edx
0100F8A9 |. 83F9 00 |cmp ecx, 0
0100F8AC |.^ 0F84 68FFFFFF |je 0100F81A
0100F8B2 |.^ EB 80 |jmp short 0100F834
0100F8B4 |> 66:83FA 02 |cmp dx, 2
0100F8B8 |. 75 2B |jnz short 0100F8E5
0100F8BA |. 50 |push eax
0100F8BB |. 52 |push edx
0100F8BC |. 53 |push ebx
0100F8BD |. 8BD0 |mov edx, eax
0100F8BF |. 03D1 |add edx, ecx
0100F8C1 |. 3E:8B02 |mov eax, dword ptr [edx]
0100F8C4 |. 81E3 FFFF0000 |and ebx, 0FFFF
0100F8CA |. 2BC3 |sub eax, ebx
0100F8CC |. 3E:8902 |mov dword ptr [edx], eax
0100F8CF |. 5B |pop ebx
0100F8D0 |. 5A |pop edx
0100F8D1 |. 58 |pop eax
0100F8D2 |. 59 |pop ecx
0100F8D3 |. 83E9 02 |sub ecx, 2
0100F8D6 |. 5A |pop edx
0100F8D7 |. 83F9 00 |cmp ecx, 0
0100F8DA |.^ 0F84 3AFFFFFF |je 0100F81A
0100F8E0 |.^ E9 4FFFFFFF |jmp 0100F834
0100F8E5 |> 66:83FA 03 |cmp dx, 3
0100F8E9 |. 75 25 |jnz short 0100F910
0100F8EB |. 50 |push eax
0100F8EC |. 52 |push edx
0100F8ED |. 53 |push ebx
0100F8EE |. 8BD0 |mov edx, eax
0100F8F0 |. 03D1 |add edx, ecx
0100F8F2 |. 3E:8B02 |mov eax, dword ptr [edx]
0100F8F5 |. 2BC3 |sub eax, ebx
0100F8F7 |. 3E:8902 |mov dword ptr [edx], eax
0100F8FA |. 5B |pop ebx
0100F8FB |. 5A |pop edx
0100F8FC |. 58 |pop eax
0100F8FD |. 59 |pop ecx
0100F8FE |. 83E9 02 |sub ecx, 2
0100F901 |. 5A |pop edx
0100F902 |. 83F9 00 |cmp ecx, 0
0100F905 |.^ 0F84 0FFFFFFF |je 0100F81A
0100F90B |.^ E9 24FFFFFF |jmp 0100F834
0100F910 |> 66:83FA 04 |cmp dx, 4
0100F914 |. 75 34 |jnz short 0100F94A
0100F916 |. 50 |push eax
0100F917 |. 52 |push edx
0100F918 |. 53 |push ebx
0100F919 |. 8BD0 |mov edx, eax
0100F91B |. 03D1 |add edx, ecx
0100F91D |. 3E:8B02 |mov eax, dword ptr [edx]
0100F920 |. 66:3E:8B0E |mov cx, word ptr [esi]
0100F924 |. 83C6 02 |add esi, 2
0100F927 |. 81E3 0000FFFF |and ebx, FFFF0000
0100F92D |. 03D9 |add ebx, ecx
0100F92F |. 2BC3 |sub eax, ebx
0100F931 |. 3E:8902 |mov dword ptr [edx], eax
0100F934 |. 5B |pop ebx
0100F935 |. 5A |pop edx
0100F936 |. 58 |pop eax
0100F937 |. 59 |pop ecx
0100F938 |. 83E9 02 |sub ecx, 2
0100F93B |. 5A |pop edx
0100F93C |. 83F9 00 |cmp ecx, 0
0100F93F |.^ 0F84 D5FEFFFF |je 0100F81A
0100F945 |.^ E9 EAFEFFFF |jmp 0100F834
0100F94A |>^ E9 E5FEFFFF \jmp 0100F834
0100F94F |> 5F pop edi
0100F950 |. 5E pop esi
0100F951 |. 5A pop edx
0100F952 |. 59 pop ecx
0100F953 |. 5B pop ebx
0100F954 |. 58 pop eax
0100F955 |. C9 leave
0100F956 \. C2 0C00 retn 0C
0100F959 /. 55 push ebp
0100F95A |. 8BEC mov ebp, esp
0100F95C |. 50 push eax
0100F95D |. 53 push ebx
0100F95E |. 51 push ecx
0100F95F |. 52 push edx
0100F960 |. 56 push esi
0100F961 |. 57 push edi
0100F962 |. 36:8B55 08 mov edx, dword ptr [ebp+8]
0100F966 |. 8B42 34 mov eax, dword ptr [edx+34]
0100F969 |. 36:8B55 08 mov edx, dword ptr [ebp+8]
0100F96D |. 83C2 40 add edx, 40
0100F970 |. 8BF2 mov esi, edx
0100F972 |. 36:8B55 08 mov edx, dword ptr [ebp+8]
0100F976 |. 8B5A 38 mov ebx, dword ptr [edx+38]
0100F979 |. 8BD0 mov edx, eax
0100F97B |. 2BC3 sub eax, ebx
0100F97D |. 8BD8 mov ebx, eax
0100F97F |> 3E:8B06 mov eax, dword ptr [esi]
0100F982 |. 83F8 00 cmp eax, 0
0100F985 |. 0F84 29010000 je 0100FAB4
0100F98B |. 03C2 add eax, edx
0100F98D |. 83C6 04 add esi, 4
0100F990 |. 3E:8B0E mov ecx, dword ptr [esi]
0100F993 |. 83C6 04 add esi, 4
0100F996 |. 83E9 08 sub ecx, 8
0100F999 |> 52 /push edx
0100F99A |. 51 |push ecx
0100F99B |. 33D2 |xor edx, edx
0100F99D |. 33C9 |xor ecx, ecx
0100F99F |. 66:3E:8B0E |mov cx, word ptr [esi]
0100F9A3 |. 83C6 02 |add esi, 2
0100F9A6 |. 66:8BD1 |mov dx, cx
0100F9A9 |. 66:C1EA 0C |shr dx, 0C
0100F9AD |. 66:81E1 FF0F |and cx, 0FFF
0100F9B2 |. 50 |push eax
0100F9B3 |. 52 |push edx
0100F9B4 |. 53 |push ebx
0100F9B5 |. 51 |push ecx
0100F9B6 |. 57 |push edi
0100F9B7 |. 8BD0 |mov edx, eax
0100F9B9 |. 03D1 |add edx, ecx
0100F9BB |. 36:8B5D 0C |mov ebx, dword ptr [ebp+C]
0100F9BF |. 36:8B7D 10 |mov edi, dword ptr [ebp+10]
0100F9C3 |. 3BD7 |cmp edx, edi
0100F9C5 |. 72 13 |jb short 0100F9DA
0100F9C7 |. 03FB |add edi, ebx
0100F9C9 |. 3BD7 |cmp edx, edi
0100F9CB |. 77 0D |ja short 0100F9DA
0100F9CD |. 5F |pop edi
0100F9CE |. 59 |pop ecx
0100F9CF |. 5B |pop ebx
0100F9D0 |. 5A |pop edx
0100F9D1 |. 58 |pop eax
0100F9D2 |. 66:83FA 00 |cmp dx, 0
0100F9D6 |. 75 13 |jnz short 0100F9EB
0100F9D8 |. EB 05 |jmp short 0100F9DF
0100F9DA |> 5F |pop edi
0100F9DB |. 59 |pop ecx
0100F9DC |. 5B |pop ebx
0100F9DD |. 5A |pop edx
0100F9DE |. 58 |pop eax
0100F9DF |> 59 |pop ecx
0100F9E0 |. 83E9 02 |sub ecx, 2
0100F9E3 |. 5A |pop edx
0100F9E4 |. 83F9 00 |cmp ecx, 0
0100F9E7 |.^ 74 96 |je short 0100F97F
0100F9E9 |.^ EB AE |jmp short 0100F999
0100F9EB |> 66:83FA 01 |cmp dx, 1
0100F9EF |. 75 28 |jnz short 0100FA19
0100F9F1 |. 50 |push eax
0100F9F2 |. 52 |push edx
0100F9F3 |. 53 |push ebx
0100F9F4 |. 8BD0 |mov edx, eax
0100F9F6 |. 03D1 |add edx, ecx
0100F9F8 |. 3E:8B02 |mov eax, dword ptr [edx]
0100F9FB |. 81E3 0000FFFF |and ebx, FFFF0000
0100FA01 |. 03C3 |add eax, ebx
0100FA03 |. 3E:8902 |mov dword ptr [edx], eax
0100FA06 |. 5B |pop ebx
0100FA07 |. 5A |pop edx
0100FA08 |. 58 |pop eax
0100FA09 |. 59 |pop ecx
0100FA0A |. 83E9 02 |sub ecx, 2
0100FA0D |. 5A |pop edx
0100FA0E |. 83F9 00 |cmp ecx, 0
0100FA11 |.^ 0F84 68FFFFFF |je 0100F97F
0100FA17 |.^ EB 80 |jmp short 0100F999
0100FA19 |> 66:83FA 02 |cmp dx, 2
0100FA1D |. 75 2B |jnz short 0100FA4A
0100FA1F |. 50 |push eax
0100FA20 |. 52 |push edx
0100FA21 |. 53 |push ebx
0100FA22 |. 8BD0 |mov edx, eax
0100FA24 |. 03D1 |add edx, ecx
0100FA26 |. 3E:8B02 |mov eax, dword ptr [edx]
0100FA29 |. 81E3 FFFF0000 |and ebx, 0FFFF
0100FA2F |. 03C3 |add eax, ebx
0100FA31 |. 3E:8902 |mov dword ptr [edx], eax
0100FA34 |. 5B |pop ebx
0100FA35 |. 5A |pop edx
0100FA36 |. 58 |pop eax
0100FA37 |. 59 |pop ecx
0100FA38 |. 83E9 02 |sub ecx, 2
0100FA3B |. 5A |pop edx
0100FA3C |. 83F9 00 |cmp ecx, 0
0100FA3F |.^ 0F84 3AFFFFFF |je 0100F97F
0100FA45 |.^ E9 4FFFFFFF |jmp 0100F999
0100FA4A |> 66:83FA 03 |cmp dx, 3
0100FA4E |. 75 25 |jnz short 0100FA75
0100FA50 |. 50 |push eax
0100FA51 |. 52 |push edx
0100FA52 |. 53 |push ebx
0100FA53 |. 8BD0 |mov edx, eax
0100FA55 |. 03D1 |add edx, ecx
0100FA57 |. 3E:8B02 |mov eax, dword ptr [edx]
0100FA5A |. 03C3 |add eax, ebx
0100FA5C |. 3E:8902 |mov dword ptr [edx], eax
0100FA5F |. 5B |pop ebx
0100FA60 |. 5A |pop edx
0100FA61 |. 58 |pop eax
0100FA62 |. 59 |pop ecx
0100FA63 |. 83E9 02 |sub ecx, 2
0100FA66 |. 5A |pop edx
0100FA67 |. 83F9 00 |cmp ecx, 0
0100FA6A |.^ 0F84 0FFFFFFF |je 0100F97F
0100FA70 |.^ E9 24FFFFFF |jmp 0100F999
0100FA75 |> 66:83FA 04 |cmp dx, 4
0100FA79 |. 75 34 |jnz short 0100FAAF
0100FA7B |. 50 |push eax
0100FA7C |. 52 |push edx
0100FA7D |. 53 |push ebx
0100FA7E |. 8BD0 |mov edx, eax
0100FA80 |. 03D1 |add edx, ecx
0100FA82 |. 3E:8B02 |mov eax, dword ptr [edx]
0100FA85 |. 66:3E:8B0E |mov cx, word ptr [esi]
0100FA89 |. 83C6 02 |add esi, 2
0100FA8C |. 81E3 0000FFFF |and ebx, FFFF0000
0100FA92 |. 03D9 |add ebx, ecx
0100FA94 |. 03C3 |add eax, ebx
0100FA96 |. 3E:8902 |mov dword ptr [edx], eax
0100FA99 |. 5B |pop ebx
0100FA9A |. 5A |pop edx
0100FA9B |. 58 |pop eax
0100FA9C |. 59 |pop ecx
0100FA9D |. 83E9 02 |sub ecx, 2
0100FAA0 |. 5A |pop edx
0100FAA1 |. 83F9 00 |cmp ecx, 0
0100FAA4 |.^ 0F84 D5FEFFFF |je 0100F97F
0100FAAA |.^ E9 EAFEFFFF |jmp 0100F999
0100FAAF |>^ E9 E5FEFFFF \jmp 0100F999
0100FAB4 |> 5F pop edi
0100FAB5 |. 5E pop esi
0100FAB6 |. 5A pop edx
0100FAB7 |. 59 pop ecx
0100FAB8 |. 5B pop ebx
0100FAB9 |. 58 pop eax
0100FABA |. C9 leave
0100FABB \. C2 0C00 retn 0C
点破你的谎言,其他不予评论
[培训]《安卓高级研修班(网课)》月薪三万计划,掌握调试、分析还原ollvm、vmp的方法,定制art虚拟机自动化脱壳的方法
